authorThorsten Lockert <tholo@cvs.openbsd.org>2001-02-26 06:19:35 +0000
committerThorsten Lockert <tholo@cvs.openbsd.org>2001-02-26 06:19:35 +0000
commitb7119c867c07c585323356012502c089c49e9836 (patch)
tree43f2e9091386f3fdc38ce919f9d80ab37f114c31 /sbin
parentc3cb36189425d0c52e9bdd76aa13922f96349b20 (diff)
Allow configuration of WEP. From FreeBSD; ok aaron@
Diffstat (limited to 'sbin')
-rw-r--r--sbin/ancontrol/ancontrol.854
-rw-r--r--sbin/ancontrol/ancontrol.c233
2 files changed, 265 insertions, 22 deletions
diff --git a/sbin/ancontrol/ancontrol.8 b/sbin/ancontrol/ancontrol.8
index 0087337d82a..b616706d8fa 100644
--- a/sbin/ancontrol/ancontrol.8
+++ b/sbin/ancontrol/ancontrol.8
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ancontrol.8,v 1.6 2000/11/09 17:52:52 aaron Exp $
+.\" $OpenBSD: ancontrol.8,v 1.7 2001/02/26 06:19:34 tholo Exp $
.\"
.\" Copyright (c) 1997, 1998, 1999
.\" Bill Paul <wpaul@ee.columbia.edu> All rights reserved.
@@ -47,23 +47,28 @@
.Op Fl I
.Op Fl T
.Op Fl C
-.Op Fl t Ar 0|1|2|3|4
-.Op Fl s Ar 0|1|2|3
.Op Fl a Ar AP
-.Op Fl v Ar 1|2|3|4
.Op Fl b Ar beacon period
-.Op Fl d Ar 0|1|2|3
+.Op Fl c Ar channel number
.Op Fl v Ar 0|1
+.Op Fl d Ar 0|1|2|3
+.Op Fl e Ar 0|1|2|3
+.Op Fl f Ar fragmentation threshold
.Op Fl j Ar netjoin timeout
+.Op Fl v Ar 0|1|2|3|4|5|6|7
+.Op Fl k Ar key
+.Op Fl K Ar 0|1|2
.Op Fl l Ar station name
.Op Fl m Ar macaddress
-.Op Fl n Ar SSID
.Op Fl v Ar 1|2|3
+.Op Fl n Ar SSID
.Op Fl o Ar 0|1
.Op Fl p Ar tx power
-.Op Fl c Ar channel number
-.Op Fl f Ar fragmentation threshold
.Op Fl r Ar RTS threshold
+.Op Fl s Ar 0|1|2|3
+.Op Fl t Ar 0|1|2|3|4
+.Op Fl v Ar 1|2|3|4
+.Op Fl W Ar 0|1|2
.Sh DESCRIPTION
The
.Nm
@@ -168,7 +173,7 @@ Valid selections are as follows:
.Pp
Note that for IBSS (ad-hoc) mode, only PSP mode is supported, and only
if the ATIM window is non-zero.
-.It Fl a Ar AP Fl v Ar "1|2|3|4
+.It Fl v Ar "1|2|3|4" Fl a Ar AP
Set preferred access point.
The
.Ar AP
@@ -189,7 +194,7 @@ Set the ad-hoc mode beacon period.
The becon period is specified in
milliseconds.
The default is 100ms.
-.It Fl d Ar 0|1|2|3 Fl v Ar "0|1"
+.It Fl v Ar "0|1" Fl d Ar "0|1|2|3"
Select the antenna diversity.
Aironet devices can be configured with up
to two antennas, and transmit and receive diversity can be configured
@@ -214,6 +219,33 @@ option: selection
sets the receive diversity and
.Ar 1
sets the transmit diversity.
+.It Fl d Ar "0|1|2|3"
+Set the transmit WEP key to use.
+Note that until this command is issued, the device will use the
+last key programmed. The transmit key is stored in NVRAM.
+Currently set transmit key can be checked via
+.Fl C
+option.
+.It Fl v Ar "0|1|2|3|4|5|6|7" Fl k Ar key
+Set a WEP key.
+For 40 bits, prefix 10 hex digits with 0x.
+For 128 bits, prefix 26 hex digits with 0x.
+Use "" as the key to erase it.
+Supports 4 keys; even numbers are for permanent keys
+and odd numbers are for temporary keys.
+For example, "-v 1" sets the first temporary key.
+(A "permanent" key is stored in NVRAM; a "temporary" key is not.)
+Note that the device will use the most recently-programmed key
+by default.
+Currently set keys can be checked via
+.Fl C
+option, only the sizes of the keys are returned.
+.It Fl K Ar "0|1|2"
+Set authorization type.
+Use 0 for none, 1 for "Open", 2 for "Shared Key".
+.It Fl W Ar "0|1|2"
+Enable WEP.
+Use 0 for no WEP, 1 to enable full WEP, 2 for mixed cell.
.It Fl j Ar netjoin timeout
Set the ad-hoc network join timeout.
When a station is first activated
@@ -242,7 +274,7 @@ is specified as a series of six hexadecimal values separated by colons,
e.g.: 00:60:1d:12:34:56.
This programs the new address into the card
and updates the interface as well.
-.It Fl n Ar SSID "[-v 1|2|3]"
+.It Fl v Ar "1|2|3" Fl n Ar SSID
Set the desired SSID (network name).
There are three SSIDs which allows
the NIC to work with access points at several locations without needing
diff --git a/sbin/ancontrol/ancontrol.c b/sbin/ancontrol/ancontrol.c
index 564d6f9c2a9..dfcadf78966 100644
--- a/sbin/ancontrol/ancontrol.c
+++ b/sbin/ancontrol/ancontrol.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ancontrol.c,v 1.8 2000/10/13 18:58:09 chris Exp $ */
+/* $OpenBSD: ancontrol.c,v 1.9 2001/02/26 06:19:34 tholo Exp $ */
/*
* Copyright 1997, 1998, 1999
* Bill Paul <wpaul@ee.columbia.edu>. All rights reserved.
@@ -77,6 +77,7 @@ void an_setconfig __P((char *, int, void *));
void an_setssid __P((char *, int, void *));
void an_setap __P((char *, int, void *));
void an_setspeed __P((char *, int, void *));
+void an_readkeyinfo __P((char *));
#ifdef ANCACHE
void an_zerocache __P((char *));
void an_readcache __P((char *));
@@ -119,6 +120,11 @@ int main __P((int, char **));
#define ACT_DUMPCACHE 31
#define ACT_ZEROCACHE 32
+#define ACT_ENABLE_WEP 33
+#define ACT_SET_KEY_TYPE 34
+#define ACT_SET_KEYS 35
+#define ACT_ENABLE_TX_KEY 36
+
void
an_getval(iface, areq)
char *iface;
@@ -683,14 +689,25 @@ an_dumpconfig(iface)
an_printwords(&cfg->an_ibss_join_net_timeout, 1);
printf("\nAuthentication timeout:\t\t\t");
an_printwords(&cfg->an_auth_timeout, 1);
+ printf("\nWEP enabled:\t\t\t\t[ ");
+ if (cfg->an_authtype & AN_AUTHTYPE_PRIVACY_IN_USE)
+ {
+ if (cfg->an_authtype & AN_AUTHTYPE_ALLOW_UNENCRYPTED)
+ printf("mixed cell");
+ else
+ printf("full");
+ }
+ else
+ printf("no");
+ printf(" ]");
printf("\nAuthentication type:\t\t\t[ ");
- if (cfg->an_authtype == AN_AUTHTYPE_NONE)
- printf("no auth");
- if (cfg->an_authtype == AN_AUTHTYPE_OPEN)
+ if ((cfg->an_authtype & AN_AUTHTYPE_MASK) == AN_AUTHTYPE_NONE)
+ printf("none");
+ if ((cfg->an_authtype & AN_AUTHTYPE_MASK) == AN_AUTHTYPE_OPEN)
printf("open");
- if (cfg->an_authtype == AN_AUTHTYPE_SHAREDKEY)
+ if ((cfg->an_authtype & AN_AUTHTYPE_MASK) == AN_AUTHTYPE_SHAREDKEY)
printf("shared key");
- if (cfg->an_authtype == AN_AUTHTYPE_EXCLUDE_UNENCRYPTED)
+ if ((cfg->an_authtype & AN_AUTHTYPE_MASK) == AN_AUTHTYPE_EXCLUDE_UNENCRYPTED)
printf("exclude unencrypted");
printf(" ]");
printf("\nAssociation timeout:\t\t\t");
@@ -777,6 +794,7 @@ an_dumpconfig(iface)
an_printwords(&cfg->an_arl_delay, 1);
printf("\n");
+ an_readkeyinfo(iface);
return;
}
@@ -788,10 +806,11 @@ usage(p)
{
fprintf(stderr,
"usage: ancontrol interface [-A] [-N] [-S] [-I] [-T] [-C] [-t 0|1|2|3|4]\n"
- " [-s 0|1|2|3] [-a AP] [-v 1|2|3|4] [-b beacon period] [-d 0|1|2|3]\n"
- " [-v 0|1] [-j netjoin timeout] [-l station name] [-m macaddress]\n"
- " [-n SSID] [-v 1|2|3] [-o 0|1] [-p tx power] [-c channel number]\n"
- " [-f fragmentation threshold] [-r RTS threshold]\n");
+ " [-s 0|1|2|3] [-v 1|2|3|4] [-a AP] [-b beacon period] [-v 0|1]\n"
+ " [-d 1|2|3|4] [-e 0|1|2|3] [-j netjoin timeout] [-v 0|1|2|3|4|5|6|7[\n"
+ " [-k key] [-K 0|1|2] [-l station name] [-m macaddress] [-v 1|2|3]\n"
+ " [-n SSID] [-o 0|1] [-p tx power] [-c channel number]\n"
+ " [-f fragmentation threshold] [-r RTS threshold] [-W 0|1|2]\n");
#ifdef ANCACHE
fprintf(stderr,
" [-Q] [-Z]\n");
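Review bot: The new usage text has two typos that will mislead users: `[-v 0|1|2|3|4|5|6|7[` closes with `[` instead of `]`, and `[-d 1|2|3|4]` disagrees with the `0|1|2|3` range that the removed line and ancontrol.8 give for antenna diversity. The line should read `" [-d 0|1|2|3] [-e 0|1|2|3] [-j netjoin timeout] [-v 0|1|2|3|4|5|6|7]\n"`. The body of usage() starts outside this hunk.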
@@ -904,6 +923,26 @@ an_setconfig(iface, act, arg)
bzero(cfg->an_macaddr, ETHER_ADDR_LEN);
bcopy((char *)addr, (char *)&cfg->an_macaddr, ETHER_ADDR_LEN);
break;
+ case ACT_ENABLE_WEP:
+ switch(atoi(arg)) {
+ case 0: /* WEP disabled */
+ cfg->an_authtype &= ~(AN_AUTHTYPE_PRIVACY_IN_USE
+ | AN_AUTHTYPE_ALLOW_UNENCRYPTED);
+ break;
+ case 1: /* WEP enabled */
+ cfg->an_authtype |= AN_AUTHTYPE_PRIVACY_IN_USE;
+ cfg->an_authtype &= ~AN_AUTHTYPE_ALLOW_UNENCRYPTED;
+ break;
+ case 2: /* WEP optional */
+ cfg->an_authtype = AN_AUTHTYPE_PRIVACY_IN_USE
+ | AN_AUTHTYPE_ALLOW_UNENCRYPTED;
+ break;
+ }
+ break;
+ case ACT_SET_KEY_TYPE:
+ cfg->an_authtype = (cfg->an_authtype & ~AN_AUTHTYPE_MASK)
+ | atoi(arg);
+ break;
default:
errx(1, "unknown action");
break;
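Review bot: In the ACT_ENABLE_WEP branch, `case 2` assigns with `=` where cases 0 and 1 use `|=` and `&=`, so selecting mixed-cell mode discards whatever authentication-type bits were already in `cfg->an_authtype`; it should be `cfg->an_authtype |= AN_AUTHTYPE_PRIVACY_IN_USE | AN_AUTHTYPE_ALLOW_UNENCRYPTED;`. The inner switch has no `default`, and `atoi()` returns 0 for non-numeric input, so a mistyped `-W` argument either does nothing or silently disables WEP; a `default: errx(1, "invalid WEP mode");` would make that visible. ACT_SET_KEY_TYPE ORs in `atoi(arg)` unmasked, so an out-of-range value can set the privacy bits as a side effect; use `| (atoi(arg) & AN_AUTHTYPE_MASK)` or reject values outside 0-2. The body of an_setconfig starts and ends outside this hunk.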
@@ -1113,6 +1152,160 @@ an_readcache(iface)
}
#endif
+int
+an_hex2int(c)
+ char c;
+{
+ if (c >= '0' && c <= '9')
+ return (c - '0');
+ if (c >= 'A' && c <= 'F')
+ return (c - 'A' + 10);
+ if (c >= 'a' && c <= 'f')
+ return (c - 'a' + 10);
+
+ return (0);
+}
+
+void
+an_str2key(s, k)
+ char *s;
+ struct an_ltv_key *k;
+{
+ int n, i;
+ char *p;
+
+ /* Is this a hex string? */
+ if (s[0] = '0' && (s[1] == 'x' || s[1] == 'X')) {
+ /* Yes, convert to int */
+ n = 0;
+ p = (char *)&k->key[0];
+ for (i = 2; i < strlen(s); i += 2) {
+ *p++ = (an_hex2int(s[i]) << 4) + an_hex2int(s[i + 1]);
+ n++;
+ }
+ k->klen = n;
+ } else {
+ /* No, just copy it in */
+ bcopy(s, k->key, strlen(s));
+ k->klen = strlen(s);
+ }
+
+ return;
+}
+
+void
+an_setkeys(iface, key, keytype)
+ char *iface;
+ char *key;
+ int keytype;
+{
+ struct an_req areq;
+ struct an_ltv_key *k;
+
+ bzero((char *)&areq, sizeof(areq));
+ k = (struct an_ltv_key *)&areq;
+
+ if (strlen(key) > 28) {
+ err(1, "encryption key must be no "
+ "more than 18 characters long");
+ }
+
+ an_str2key(key, k);
+
+ k->kindex = keytype / 2;
+
+ if (!(k->klen == 0 || k->klen == 5 || k->klen == 13)) {
+ err(1, "encryption key must be 0, 5 or 13 bytes long");
+ }
+
+ /* default mac and only valid one (from manual) 1:0:0:0:0:0 */
+ k->mac[0] = 1;
+ k->mac[1] = 0;
+ k->mac[2] = 0;
+ k->mac[3] = 0;
+ k->mac[4] = 0;
+ k->mac[5] = 0;
+
+ areq.an_len = sizeof(struct an_ltv_key);
+ areq.an_type = (keytype & 1)
+ ? AN_RID_WEP_VOLATILE : AN_RID_WEP_PERMANENT;
+ an_setval(iface, &areq);
+
+ return;
+}
+
+void
+an_readkeyinfo(iface)
+ char *iface;
+{
+ struct an_req areq;
+ struct an_ltv_key *k;
+ int i;
+
+ bzero((char *)&areq, sizeof(areq));
+ k = (struct an_ltv_key *)&areq;
+
+ printf ("\nWEP Key status:\n");
+ areq.an_type = AN_RID_WEP_VOLATILE; /* read first key */
+ for (i = 0; i < 4; i++) {
+ areq.an_len = sizeof(struct an_ltv_key);
+ an_getval(iface, &areq);
+ switch (k->klen) {
+ case 0:
+ printf("\tKey %d is unset\n", i);
+ break;
+ case 5:
+ printf("\tKey %d is set 40 bits\n", i);
+ break;
+ case 13:
+ printf("\tKey %d is set 128 bits\n", i);
+ break;
+ default:
+ printf("\tKey %d has an unknown size %d\n", i, k->klen);
+ break;
+ }
+
+ areq.an_type = AN_RID_WEP_PERMANENT; /* read next key */
+ }
+ k->kindex = 0xffff;
+ areq.an_len = sizeof(struct an_ltv_key);
+ an_getval(iface, &areq);
+ printf("\tThe active transmit key is %d\n", k->mac[0]);
+
+ return;
+}
+
+void
+an_enable_tx_key(iface, arg)
+ char *iface;
+ char *arg;
+{
+ struct an_req areq;
+ struct an_ltv_key *k;
+
+ bzero((char *)&areq, sizeof(areq));
+ k = (struct an_ltv_key *)&areq;
+
+ /*
+ * From a Cisco engineer: Write the transmit key
+ * to use in the first MAC, index is FFFF
+ */
+ k->kindex = 0xFFFF;
+ k->klen = 0;
+
+ k->mac[0] = atoi(arg);
+ k->mac[1] = 0;
+ k->mac[2] = 0;
+ k->mac[3] = 0;
+ k->mac[4] = 0;
+ k->mac[5] = 0;
+
+ areq.an_len = sizeof(struct an_ltv_key);
+ areq.an_type = AN_RID_WEP_PERMANENT;
+ an_setval(iface, &areq);
+
+ return;
+}
int
main(argc, argv)
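Review bot: In an_str2key, `if (s[0] = '0' && ...)` assigns instead of comparing; since `&&` binds tighter than `=`, `s[0]` becomes 1 for a `0x` key and 0 for anything else, so a plain-text key is cut to an empty string and programmed with klen 0, which the man page describes as erasing the key. The hex path also accepts an odd number of digits and non-hex characters (an_hex2int maps them to 0), so a mistyped key silently becomes different key material. In an_setkeys the 0/5/13 length check runs only after an_str2key has already copied into `k->key`, the `> 28` test disagrees with its "18 characters" message, and `err()` appends an unrelated errno string where `errx()` is meant. The sketch below rejects bad input before any copy; it assumes `k->key` is an array member, which `&k->key[0]` suggests but the hunk does not show. an_enable_tx_key likewise stores `atoi(arg)` without checking it is 0-3.

```c
int
an_hex2int(c)
	char c;
{
	/* ... unchanged: the three digit/letter range checks ... */

	return (-1);	/* not a hex digit; caller rejects the key */
}

void
an_str2key(s, k)
	char *s;
	struct an_ltv_key *k;
{
	size_t len, i, n;
	int hi, lo;

	len = strlen(s);
	n = 0;

	/* Is this a hex string? */
	if (s[0] == '0' && (s[1] == 'x' || s[1] == 'X')) {
		if ((len - 2) % 2 != 0 || (len - 2) / 2 > sizeof(k->key))
			errx(1, "hex key must be an even number of digits "
			    "and fit the key buffer");
		for (i = 2; i < len; i += 2) {
			hi = an_hex2int(s[i]);
			lo = an_hex2int(s[i + 1]);
			if (hi < 0 || lo < 0)
				errx(1, "invalid hex digit in key");
			k->key[n++] = (hi << 4) | lo;
		}
	} else {
		if (len > sizeof(k->key))
			errx(1, "encryption key too long");
		bcopy(s, k->key, len);
		n = len;
	}
	k->klen = n;
}

/* ... unchanged: an_setkeys, an_readkeyinfo, an_enable_tx_key ... */
```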
@@ -1134,7 +1327,7 @@ main(argc, argv)
}
while ((ch = getopt(argc, argv,
- "i:ANISCTt:a:o:s:n:v:d:f:j:b:c:r:p:w:m:l:QZ")) != -1) {
+ "i:ANISCTt:a:e:o:s:n:v:d:f:j:b:c:r:p:w:m:l:k:K:W:QZ")) != -1) {
switch(ch) {
case 'Z':
#ifdef ANCACHE
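Review bot: The option string gains `e:`, but the hunk that adds the new cases (`@@ -1285,6 +1478,18 @@`) only adds `'W'`, `'K'` and `'k'`, so as far as the visible hunks show `-e` falls through to `default: usage(p)`. That leaves ACT_ENABLE_TX_KEY and an_enable_tx_key unreachable. A matching case is needed next to the others: `case 'e': act = ACT_ENABLE_TX_KEY; arg = optarg; break;`. The switch continues outside the hunk, so this should be confirmed against the full file.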
@@ -1285,6 +1478,18 @@ main(argc, argv)
act = ACT_SET_WAKE_DURATION;
arg = optarg;
break;
+ case 'W':
+ act = ACT_ENABLE_WEP;
+ arg = optarg;
+ break;
+ case 'K':
+ act = ACT_SET_KEY_TYPE;
+ arg = optarg;
+ break;
+ case 'k':
+ act = ACT_SET_KEYS;
+ arg = optarg;
+ break;
default:
usage(p);
}
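Review bot: The `'k'` case takes the WEP key directly from `optarg`, so the secret sits in the process argument vector, where other local users can typically see it in process listings, and it also lands in shell history. Consider overwriting the argument once an_setkeys has copied it, or accepting the key from a file or stdin. At minimum the exposure should be documented next to `-k` in ancontrol.8, for example `/* key arrives in argv: visible to ps(1); scrub after use */` here. The switch body starts and ends outside this hunk.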
@@ -1334,6 +1539,12 @@ main(argc, argv)
an_readcache(iface);
break;
#endif
+ case ACT_SET_KEYS:
+ an_setkeys(iface, arg, modifier);
+ break;
+ case ACT_ENABLE_TX_KEY:
+ an_enable_tx_key(iface, arg);
+ break;
default:
an_setconfig(iface, act, arg);
break;
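Review bot: In the ACT_SET_KEYS case, `modifier` is passed to an_setkeys unchecked, and the function body in this commit derives `kindex = keytype / 2` and the volatile/permanent RID from it without any range test. The man page limits `-v` to 0-7 for keys, so a guard such as `if (modifier < 0 || modifier > 7) errx(1, "key number must be 0-7");` before the call would keep an out-of-range index from reaching the card. The value `modifier` holds when `-v` is omitted is set outside the visible hunks and should be confirmed to be a valid key number.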